
minor updates to clean up secgrp rules

Tzu-Mainn Chen 7 years ago
parent
commit
5f16551710

+ 61 - 73
roles/openshift_openstack/defaults/main.yml

@@ -107,37 +107,6 @@ openshift_openstack_disable_root: true
 openshift_openstack_user: openshift
 
 # security groups
-openshift_openstack_cns_secgroup_rules:
-  # Allow rcpbind for CNS block
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 111
-    port_range_max: 111
-  # glusterfs_sshd
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 2222
-    port_range_max: 2222
-  # heketi dialing backends
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 10250
-    port_range_max: 10250
-  # glusterfs_management
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 24007
-    port_range_max: 24007
-  # glusterfs_rdma
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 24008
-    port_range_max: 24008
-  # glusterfs_bricks
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 49152
-    port_range_max: 49251
 openshift_openstack_common_secgroup_rules:
   - direction: ingress
     protocol: tcp
@@ -147,36 +116,6 @@ openshift_openstack_common_secgroup_rules:
   - direction: ingress
     protocol: icmp
     remote_ip_prefix: "{{ openshift_openstack_ssh_ingress_cidr }}"
-openshift_openstack_infra_secgroup_rules:
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 80
-    port_range_max: 80
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 443
-    port_range_max: 443
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 1936
-    port_range_max: 1936
-openshift_openstack_lb_base_secgroup_rules:
-  - direction: ingress
-    protocol: tcp
-    port_range_min: 443
-    port_range_max: 443
-    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
-  - direction: ingress
-    protocol: tcp
-    port_range_min: "{{ openshift_master_api_port | default(8443) }}"
-    port_range_max: "{{ openshift_master_api_port | default(8443) }}"
-    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
-openshift_openstack_lb_console_secgroup_rules:
-  - direction: ingress
-    protocol: tcp
-    port_range_min: "{{ openshift_master_console_port | default(8443) }}"
-    port_range_max: "{{ openshift_master_console_port | default(8443) }}"
-    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
 openshift_openstack_master_secgroup_rules:
   - direction: ingress
     protocol: tcp
@@ -218,6 +157,12 @@ openshift_openstack_master_secgroup_rules:
     protocol: tcp
     port_range_min: 9090
     port_range_max: 9090
+openshift_openstack_etcd_secgroup_rules:
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 2379
+    port_range_max: 2380
+    remote_mode: remote_group_id
 openshift_openstack_node_secgroup_rules:
   # NOTE(shadower): the 53 rules are needed for Kuryr
   - direction: ingress
@@ -263,21 +208,64 @@ openshift_openstack_node_secgroup_rules:
     port_range_min: 30000
     port_range_max: 32767
     remote_ip_prefix: "{{ openshift_openstack_subnet_cidr }}"
-openshift_openstack_etcd_secgroup_rules:
+openshift_openstack_infra_secgroup_rules:
   - direction: ingress
     protocol: tcp
-    port_range_min: 2379
-    port_range_max: 2379
-    remote_mode: remote_group_id
-    remote_group_id: { get_resource: master-secgrp }
+    port_range_min: 80
+    port_range_max: 80
   - direction: ingress
     protocol: tcp
-    port_range_min: 2380
-    port_range_max: 2380
-    remote_mode: remote_group_id
-openshift_openstack_etcd_flat_secgroup_rules:
+    port_range_min: 443
+    port_range_max: 443
   - direction: ingress
     protocol: tcp
-    port_range_min: 2379
-    port_range_max: 2380
-    remote_mode: remote_group_id
+    port_range_min: 1936
+    port_range_max: 1936
+openshift_openstack_cns_secgroup_rules:
+  # Allow rcpbind for CNS block
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 111
+    port_range_max: 111
+  # glusterfs_sshd
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 2222
+    port_range_max: 2222
+  # heketi dialing backends
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 10250
+    port_range_max: 10250
+  # glusterfs_management
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 24007
+    port_range_max: 24007
+  # glusterfs_rdma
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 24008
+    port_range_max: 24008
+  # glusterfs_bricks
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 49152
+    port_range_max: 49251
+openshift_openstack_lb_base_secgroup_rules:
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 443
+    port_range_max: 443
+    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
+  - direction: ingress
+    protocol: tcp
+    port_range_min: "{{ openshift_master_api_port | default(8443) }}"
+    port_range_max: "{{ openshift_master_api_port | default(8443) }}"
+    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
+openshift_openstack_lb_console_secgroup_rules:
+  - direction: ingress
+    protocol: tcp
+    port_range_min: "{{ openshift_master_console_port | default(8443) }}"
+    port_range_max: "{{ openshift_master_console_port | default(8443) }}"
+    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
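Review bot: The merged `openshift_openstack_etcd_secgroup_rules` (the added 2379-2380 rule with `remote_mode: remote_group_id` and no `remote_group_id`) drops the previous 2379 rule that was scoped to `remote_group_id: { get_resource: master-secgrp }`, so the etcd client port is now reachable only from members of whichever security group these rules are rendered into. That matches the flat group in heat_stack.yaml.j2, but if the variable is still rendered into a dedicated etcd group elsewhere in the template (not visible in this diff), masters outside that group lose 2379 access while every member of it gains the peer port 2380. If the non-flat layout is still supported, keep a separate 2379 rule with `remote_group_id: { get_resource: master-secgrp }` for that group, or state explicitly that etcd and master hosts are expected to share the group. In either case, add a comment above the rule such as `# no remote_group_id: Heat uses this security group itself as the source (self-referential)`, since the defaults file no longer records why the source is omitted.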

+ 1 - 1
roles/openshift_openstack/templates/heat_stack.yaml.j2

@@ -329,7 +329,7 @@ resources:
 {% for rule in openshift_openstack_master_secgroup_rules|list %}
         - {{ rule|to_json }}
 {% endfor %}
-{% for rule in openshift_openstack_etcd_flat_secgroup_rules|list %}
+{% for rule in openshift_openstack_etcd_secgroup_rules|list %}
         - {{ rule|to_json }}
 {% endfor %}
 {% for rule in openshift_openstack_node_secgroup_rules|list %}